Home > Vulnerability Database > CVE-2026-23519

Mend.io Vulnerability Database

CVE-2026-23519

Good to know:

Date: January 15, 2026

RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. Prior to 0.4.4, the thumbv6m-none-eabi (Cortex M0, M0+ and M1) compiler emits non-constant time assembly when using cmovnz (portable version). This vulnerability is fixed in 0.4.4.

Severity Score

6.8

Related Resources (6)

Url: https://rustsec.org/advisories/RUSTSEC-2026-0003.html

Url: https://github.com/RustCrypto/utils

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-23519

Url: https://github.com/RustCrypto/utils/security/advisories/GHSA-2gqc-6j2q-83qp

Url: https://github.com/RustCrypto/utils/commit/55977257e7c82a309d5e8abfdd380a774f0f9778

Url: https://www.mend.io/vulnerability-database/CVE-2026-23519

Severity Score

6.8

Weakness Type (CWE)

Observable Discrepancy

CWE-203

Observable Timing Discrepancy

CWE-208

Top Fix

Upgrade Version

Upgrade to version cmov - 0.4.4;https://github.com/RustCrypto/utils.git - cmov-v0.4.4

Learn More

CVSS v3.1

Base Score:	6.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2026-23519

Good to know:

Date: January 15, 2026

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?